I have a Universal Windows Application in GitHub. Now, the problem comes when I want to use Continuous Integration: the temporary key isn't uploaded with the code, so the CI build breaks saying:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1930,5): warning APPX0104: Certificate file 'UniversalApp_TemporaryKey.pfx' not found.
My question is: should I upload that file for the CI build agent to be able to compile or is there any danger uploading the key to a public repository?
As discussed here you can store in in AppVeyor YAML file rather than checking in into repository.
Or you can simple store it somewhere outside of GitHub at all, at secure location and download during every build. You can keep secrets you need to download as AppVeyor secure variables